arthuredelstein / tor-browser Public

…avascript.

Plus tests for File API, e.g. `new File([], "").lastModifiedDate.getTime()`

Bug 19478: Prevent File API from leaking ms-resolution current time

…c4.8.2; r=luke a=lizzard"

This reverts commit fcb3177.

This fixes bug 19400. We are not affected by a buggy GCC 4.8.2.

This works around the most problematic performance regressions brought
up in bug 19276.

Do not show the "update badge" on the hamburger menu when the update
state is "downloading" (which means fallback to a complete update is
in progress).

…rst party

This fixes bug 19401 which is caused by a rebase error we overlooked.

…id running into Linux kernel limits. r=luke

…=nbp

… of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler

…p. r=keeler

…. r=keeler

Bug 19186: Drop the unneeded modification to KeyboardEvent.h.

This is a backport of
https://hg.mozilla.org/mozilla-central/rev/1d23af51e886.

Note we don't call `AsEvent()` as the original patch is doing as that
change got introduced by bug 1230216 which landed in mozilla46.

Avoid a crash when monitoring network events. The crash occurred
because the JS context's compartment was NULL when a JS stack was
requested, but the root cause remains a mystery.

When a mozconfig file contains
  ac_add_options --disable-loop

then the Loop extension will not be built or bundled with the browser.

Add a chrome mochitest that verifies that a key pinning error
is generated when the updater is configured to use one of the
"bad pin" servers that are predefined by the test framework.

Note that this test is affected by bug 18087, which means that
security.nocertdb must be set to false before running this test.

This is a partial revert of commit f1241db.

Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
when using mar signing to verify the mar file (lessens main thread I/O)."

We kept the addition to the AppConstants API in case other JS code
references it in the future.

This is a backport of the bugfix for #1183318
(https://hg.mozilla.org/projects/nss/rev/68d0b829490f).

This is working for us as we are building Tor Browser optimized for
all the platforms we support.

…g in KeyboardEvent

…ents

If the user toggles the value of "browser.pocket.enabled", then menu
items (and pocket button) will be affected only after browser restart.

…to clean it. r=mossop

--HG--
extra : rebase_source : 44545607f4434a8ad03cdc59306e02517056d42c

Make sure that
screen.orientation.angle -> 0 and
screen.orientation.type -> "landscape-primary"

Also refactors screen.mozOrientation.

…ate browsing

Revert "Bug 1159090 - Only append library path for updater if it is a unique value. r=rstrong"

This reverts commit 5c4fcaf.

There should be no need to remove the OS X support introduced in
https://bugzilla.mozilla.org/show_bug.cgi?id=1225726 as enabling this
is governed by a preference (which is actually set to `false`). However,
we remove it at build time as well (defense in depth).

This is basically a backout of the relevant passages of
https://hg.mozilla.org/mozilla-central/rev/6bfb430de85d,
https://hg.mozilla.org/mozilla-central/rev/609b337bf7ab and
https://hg.mozilla.org/mozilla-central/rev/8e092ec5fbbd.

Instead of using the local computer's IP address within
symlink-based profile lock signatures, always use 127.0.0.1.

This patch fixes bug 16874 and 18767 as well.

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

In ESR45 this feature is enabled by default and we exempt both our own
extensions and EFF's HTTPS-Everywhere from this requirement.